PharmRec® Privacy Policy
Last updated: [09/05/2025]
- Free Telegram services (bots/channels/groups) are for general education only. Do not share personal health information (PHI) in these spaces; they are not HIPAA-covered.
- Subscribed consultations occur on our separate, HIPAA-compliant platform. PHI shared there is protected under HIPAA and accessible only to authorized personnel.
1) Scope
This Privacy Policy describes how PharmRec (“PharmRec,” “we,” “us,” or “our”) collects, uses, and protects information across: (a) our websites including pharmrecai.com; (b) our free Telegram bots/channels/groups; and (c) our subscription consultation services delivered on a separate HIPAA-compliant platform (“HIPAA Platform”).
2) Who We Are
PharmRec provides pharmacist-backed wellness guidance and AI-assisted insights. Our professional consultations are performed by licensed pharmacists. Company address: [Business Address]. Contact: [support@pharmrecai.com].
3) Information We Collect
- Website & Storefront (pharmrecai.com): device data, IP address, analytics events, pages viewed, purchase history, subscription plan details, support messages.
- Free Telegram Spaces (Not HIPAA): usernames, public profile info, messages you send, timestamps, and moderation metadata. Please do not include PHI.
- HIPAA Platform (Subscriptions): PHI you choose to share for care (e.g., conditions, meds/supplements, allergies, history), chat transcripts, files, care notes, pharmacist recommendations, and operational metadata. Collected only within our HIPAA Platform.
- Payment: processed by payment processors (e.g., Shopify/Stripe). We receive limited details (e.g., last 4, status) for reconciliation; full card data is not stored on our servers.
- Support: communications via email or secure portal; if PHI is needed, we route you to the HIPAA Platform.
4) How We Use Information
- Provide free educational guidance (Telegram/forums) without handling PHI.
- Deliver pharmacist consultations on the HIPAA Platform, including reviewing your PHI to create recommendations.
- Operate, maintain, improve, and secure our services; prevent spam, abuse, and fraud.
- Process payments, manage subscriptions, and provide customer support.
- Analyze usage (aggregate/de-identified where possible) to improve quality and safety.
- Comply with law, professional standards, and enforce our Terms.
5) HIPAA-Covered Services (Subscriptions)
When you enroll in a consultation plan, we deliver services exclusively through our HIPAA-compliant platform ([HIPAA Platform Vendor]). Within that environment:
- PHI is collected only as necessary to provide care and recommendations.
- Data is encrypted in transit and at rest; access is restricted to authorized personnel.
- We maintain Business Associate Agreements (BAAs) with applicable vendors handling PHI.
- You may request access to, or deletion of, your PHI as permitted by law; records may be retained to satisfy legal/professional obligations.
- We never sell PHI. We do not use PHI for marketing without your written authorization.
6) Free Telegram Services (Not HIPAA-Covered)
Our free bot, channels, and groups are designed for general education only. Messages in Telegram are processed by Telegram’s infrastructure and may be visible to admins for moderation. Because these spaces are not HIPAA-covered:
- Do not share PHI (e.g., diagnoses, medication lists, lab results, photos of prescriptions).
- If a conversation requires personal details, we will direct you to our HIPAA Platform.
- We may retain limited non-PHI chat records for safety, analytics, and service quality (e.g., counts of questions asked, common topics) in de-identified or aggregate form where possible.
7) Legal Bases / Consent
Depending on your region, we process data based on: (i) your consent (e.g., cookies, marketing); (ii) performance of a contract (subscriptions, orders); (iii) legitimate interests (security, analytics, service improvement); and (iv) compliance with legal/professional obligations. For HIPAA-covered PHI, we follow HIPAA rules and obtain any required authorizations.
8) Retention
- HIPAA Platform (PHI): retained for the period required by law and professional standards, then securely deleted or archived.
- Telegram (non-PHI): minimal operational logs retained for moderation and service quality; we aim to de-identify or aggregate where feasible.
- Commerce/Account: retained as needed for tax, fraud prevention, and accounting requirements.
9) Security
- Encryption in transit and at rest for PHI on the HIPAA Platform.
- Role-based access controls, least-privilege, and audit logging.
- Vendor due diligence and BAAs where applicable.
- Employee training and confidentiality obligations.
- Incident response procedures including breach notification consistent with law.
No online system can be guaranteed 100% secure. Please avoid sharing PHI outside our HIPAA Platform.
12) Marketing Preferences
You can unsubscribe from marketing emails at any time via the link in the email. We do not use PHI for marketing without your authorization.
13) Your Privacy Rights
Depending on your region, you may have rights to access, correct, delete, or restrict processing of your personal data and to portability or objection. For PHI on the HIPAA Platform, you may request access or amendments consistent with HIPAA. Contact us at [support@pharmrecai.com].
14) Minors
Our services are intended for adults. We do not knowingly collect PHI from children without appropriate consent/authorization as required by law.
15) International Users
Your data may be processed in the United States or other locations where we and our vendors operate. We apply safeguards appropriate to the data and context.
16) Changes to this Policy
We may update this Policy from time to time. Material changes will be noted by updating the “Last updated” date and, where appropriate, additional notice.
17) Contact Us
Questions or requests? Email [care@pharmrecai.com] or write to: [Business Address].
18) Key Definitions
- PHI: “Protected Health Information” as defined by HIPAA.
- HIPAA Platform: Our separate, secure environment used for subscribed consultations (e.g., [HIPAA Platform Vendor]), covered by HIPAA and BAAs.
- Free Telegram Services: Our public bot/channels/groups for general education; not HIPAA-covered—please don’t share PHI.
This page is provided for transparency and does not constitute legal advice. PharmRec® is a registered mark of its owner. © 2025 PharmRec. All rights reserved.
